The Identity and Access Management (IAM) Strategic Roadmap, endorsed by campus information technology governance bodies in the spring of 2013, prioritized the implementation of new enabling technologies to address several functional gaps in IAM services. SailPoint IdentityIQ (IIQ) was selected as the software foundation to close those gaps. The IAM Modernization Program (IAMMP) was chartered to implement SailPoint IIQ and retire the university’s aging legacy IAM system. IAMMP is organized in three phases, starting with the implementation of fundamental functionality, then building on that foundation to expand the benefits of SailPoint IIQ across campus while retiring the legacy IAM infrastructure.
Currently, granting authorizations to employees who join the university or change jobs on campus is a mostly manual process and can take as long as several weeks to complete, during which time employees do not have access to the systems they need to work effectively. SailPoint IIQ will enable the university to streamline and automate the process of requesting and granting system authorizations and also supports role-based authorizations, which will make granting system access even more efficient and automated.
SailPoint IIQ will also reduce the security risks associated with system access being retained by employees when they change jobs or leave the university. As with the granting of system access for new employees, the removal of access for departed employees is in many cases manual and inconsistently managed. Furthermore, the university currently has no way to monitor “who has access to what” across critical campus systems.
The implementation of SailPoint IIQ will enable the retirement of the university’s legacy IAM system, saving the expense that would be required to retrofit the system to operate with Workday and other modernized administrative systems such as ServiceNow.
By completing all three phases of IAMMP, the university will realize the full potential of SailPoint IIQ to automate access requests and approvals, access certifications, separation of duties controls, and reporting of “who has access to what” across the enterprise, while eliminating the costs of the current legacy IAM system.